Open Source EMR

On April 23rd Senator John Rockefeller IV introduced the Health Information Technology Public Utility Act of 2009to to build upon open the source electronic health record (eleconic medical record) solution developed by the Department of Veterans Affairs (called VistA)  and other open source software (e.g. OpenEMR).  Unlike proprietary “closed source” software solutions, open source software allows unrestricted access to the source code and does not prohibit the use or re-distribution of software.

Open Source

Currently there are few EMR solutions avaliable in market.  However one vendor attempting to offer an open source solution is called clear-health (http://www.clear-health.com/).  According to ClearHealth’s website: “ClearHealth has taken the powerful VistA EMR system which powers the Veterans Administration health network and modernized it. With added, seamless, scheduling and billing WebVista offers the only fully comprehensive VistA based system in a cost-effective, Web 2.0.”  (http://www.clear-health.com/content/view/41/51/).

Open source is defined by three key characteristics:

• The right to make copies of the program, and distribute those copies;
• The right to have access to the software’s source code;
• The right to make improvements to the program.

(Bruce Perens, The Open Source Definition, 1st Edition Oreilly (January 1999)).

“Open source software is a cost-effective, proven way to advance health information technology – particularly among small, rural providers. This legislation does not replace commercial software; instead, it complements the private industry in this field – by making health information technology a realistic option for all providers.” (Senator Rockefeller)

Summary of Act

Health Information Technology Public Utility Act of 2009:

• Create a new federal Public Utility Board within the Office of the National Coordinator for Health IT to direct and oversee formation of this HIT Public Utility Model, its implementation, and its ongoing operation;
• Implement and administer a new 21st Century Health IT Grant program for safety-net providers to cover the full cost of open source software implementation and maintenance for up to five years, with the possibility of renewal for up to five years if required benchmarks are met;
• Facilitate ongoing communication with open source user groups to incorporate improvements and innovations from them into the core programs;
• Ensure interoperability between these programs, including as innovations are incorporated, and develop mechanisms to integrate open source software with Medicaid and CHIP billing;
• Create a child-specific Electronic Health Record (EHR) to be used in Medicaid, CHIP, and other federal children’s health programs; and
• Develop and integrate quality and performance measurement into open source software modules.

CCHIT Certification and the Open Source Community

CCHIT is the only certification body for electronic medical record systems (EMRs) to date there has been some disagreement around the relevance of the CCHIT standards with respect to open source solutions.  VistA is the U.S. Department of Veterans Affairs National Scale Healthcare Information Systems, which happens to be available for downloaded at no cost from http://www1.va.gov/cprsdemo/.  The open source community and CCHIT requirements are seen to be at odds by some.

One example, noted by a commentator,  SC 03.10 — requires that passwords shall support case-sensitive passwords that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (US ASCII).

The commentator noted:

The problem, VistA supports three user ids, one that is equivalent to a username, and two that are similar to passwords. Without getting over my head on the details, there are two possible password types so that you can have one that your admin user can know and reset for you, and one that no one knows but you. There are all kind of administrator abuse scenarios that this addresses, but the VistA username/password/password system is not certifiable out of the box because it does not support case sensitivity. Which, as you can see, is a requirement. Most people are only aware of the CPRS client for VA VistA but in reality there are several clients, all of which support the username/password/password mechanism.  So when any VistA-based EHR goes and gets CCHIT certified it has to make the password system -act- dumber (in compliance with SC 03.09), and add case sensitivity.

(Fred Trotter, CCHIT Feature bucket)

Another critique and a response by CCHIT is avaliable at http://www.emrandhipaa.com/emr-and-hipaa/2009/02/24/cchit-being-thrown-under-the-bus/.  Some commentators argue that a commercial relationship is inconsistent with the definition of open source is required for CCHIT certification.

Bill Status

          

Related posts:

1. Analysis of the HITECH Act’s Incentives to Facilitate Adoption of Health Information Technology The “Health Information Technology for Economic and Clinical Health Act’’...
2. Open Source Programmers Collaborate To Improve the CONNECT Gateway On August 27th open source programmers met at HHS to...
3. The Elephant in the Room – Implementation Issues for a National Health Information Network from HIMSS 2010 HIMSS is the largest health care technology conference in the...
4. NIST announced the publication of Initial Public Draft Special Publication 800-128, Guide for Security Configuration Management of Information Systems. Configuration management remains a challenging issue especially for small and...
5. Key Issues in Privacy and Security for 2010 Next year should be interesting. From Red Flag compliance, federal...